LDAP Authentication #168 | Support Center

mpm created 9 years ago

Halil,

I'm not certain I fully understand how to enable LDAP integration. I've Enabled LDAP in the CoreModule.cs as follows:

//Enable this line to create a multi-tenant application.
//Configuration.MultiTenancy.IsEnabled = true;

//Enable LDAP authentication (It can be enabled only if MultiTenancy is disabled!)
Configuration.Modules.ZeroLdap().Enable(typeof(AppLdapAuthenticationSource));

I'm not sure of the next steps? Do I need to drop in a LdapSettingProvider and LdapSettings class, then call Configuration.Settings.Providers.Add<LdapSettingProvider>?

Are changes needed in the AccountController to support LDAP.

Thanks for your assistance, MPM

9 Answer(s)

0

hikalkan created 9 years ago
Support Team

No, that's all. Run the application, login and open settings page, you will see LDAP settings. It's completely integrated to the system. See TenantSettingsAppService to know how to get/set LDAP settings.
0

hikalkan created 9 years ago
Support Team

BTW, LDAP automatically works without configuration if you are in a domain and application has no restriction. Just try to enter with your LDAP user if you are in a domain.
0

hikalkan created 9 years ago
Support Team

Hi again,

Sorry, I missed to say that "you should enable it on Setting page". See screenshot below:

[attachment=0:121pq9mp]ldap-settings.png[/attachment:121pq9mp]

Then you will be able to login with your LDAP (Active Directory) user name and password.
0

clientfocusdev created 9 years ago

When you say " application has no restriction" are you meaning there is some setup to allow some defaults to work within the AD configurations?

I have everything setup now, LDAP is enabled (MT disabled, admin logs in correctly), but when logging into the application with an LDAP account it simply errors with either an internal error or invalid credentials. Does the AD account need to create it's own user in the Iteration Zero project, or are there changes in the Zero Localization files to accommodate AD containers, domains and admin users rights?
0

hikalkan created 9 years ago
Support Team

Hi,

Can you share exact logged error message (in Logs folder of web project). Did you enter domain, user and password in settings page? It may be because of your domain user has no permission to quest user/pass informations. You may ask to your system administrator.

Actually, LDAP authenticate check code is very simple. You can see <a class="postlink" href="https://github.com/aspnetboilerplate/module-zero/blob/master/src/Abp.Zero.Ldap/Ldap/Authentication/LdapAuthenticationSource.cs#L42">https://github.com/aspnetboilerplate/mo ... rce.cs#L42</a>

I simple creates a PrincipalContext and uses ValidateCredentials. You can create a simple console app and try it natively.
0
clientfocusdev created 9 years ago
ERROR 2015-06-23 13:09:49,494 [292 ] .Mvc.Controllers.AbpHandleErrorAttribute - System.Data.Entity.Validation.DbEntityValidationException: Validation failed for one or more entities. See 'EntityValidationErrors' property for more details.

**EDIT

This error is with LDAP working, but something else is wrong. I tested with incorrect domain information and got a different error, then with incorrect user information and got a login invalid error. It seems to be working correctly but after it authenticates this error comes up.

I think I have found out the issue here. I will let you know if I found a fix, thanks.
0

hikalkan created 9 years ago
Support Team

Hi,

If you can reach to EntityValidationErrors, it can help you to understand the problem better. For that please check this post: <a class="postlink" href="https://github.com/aspnetboilerplate/aspnetboilerplate/issues/62#issuecomment-54001552">https://github.com/aspnetboilerplate/as ... t-54001552</a> Then add a breakpoint in HandleEvent method. When error occurs, this method will handle the exception and you can see all details of the exception on debug.
0

mpm created 9 years ago

<cite>hikalkan: </cite> No, that's all. Run the application, login and open settings page, you will see LDAP settings. It's completely integrated to the system. See TenantSettingsAppService to know how to get/set LDAP settings.

That worked perfectly, thank you.
0
alukaszewski created 8 years ago
I'm also trying to get LDAP authentication working, but getting 'an internal error occured during your request' when I enter a valid domain username password.

Also, I have some questions that are not answered in documentation:

Do I need to configure user accounts within the admin console in advance?

What format should the username be entered? DOMAIN\Username, <a href="mailto:[email protected]">[email protected]</a> ?

How do I govern what pages an ldap authenticated user can access?

What IIS authentication settings should be enabled I use LDAP within Zero? Anonymous? Windows Auth? Both/None?

Thanks, Andy

Have an answer to this question? Log in and write your answer.